diff --git a/.gitignore b/.gitignore index 18c75fb..ae85be5 100644 --- a/.gitignore +++ b/.gitignore @@ -35,3 +35,4 @@ terraform.rc .env .terraform.lock.hcl conf.img +pfsense.qcow2 diff --git a/00-provider.tf b/00-provider.tf index 0c41e12..614d5fd 100644 --- a/00-provider.tf +++ b/00-provider.tf @@ -11,20 +11,15 @@ https://opensource.org/licenses/MIT. terraform { required_version = ">= 0.14.0" required_providers { - openstack = { - source = "terraform-provider-openstack/openstack" - version = "3.0.0" + stackit = { + source = "stackitcloud/stackit" + version = "0.44.0" } } } -# Configure the OpenStack Provider -provider "openstack" { - user_name = var.USERNAME - tenant_id = var.TENANTID - user_domain_name = "portal_mvp" - project_domain_id = "portal_mvp" - password = var.PASSWORD - auth_url = "https://keystone.api.iaas.eu01.stackit.cloud/v3/" - region = "RegionOne" +provider "stackit" { + default_region = "eu01" + service_account_token = var.STACKIT_SERVICE_ACCOUNT_TOKEN + enable_beta_resources = true } diff --git a/01-config.tf b/01-config.tf index 30c0c1e..a781d41 100644 --- a/01-config.tf +++ b/01-config.tf 
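Review bot: The new `stackitcloud/stackit` pin at `version = "0.44.0"` in `required_providers` is not backed by a committed dependency lock file, because `.terraform.lock.hcl` is listed in `.gitignore` (visible in the context lines of the first hunk). Without that file, every fresh `terraform init` accepts whatever the registry serves for that version instead of checking it against previously recorded provider hashes. That matters more now that the configuration moves to a different provider namespace and authenticates with a service account token. I would remove `.terraform.lock.hcl` from `.gitignore` and commit the lock file generated for this provider. Separately, `enable_beta_resources = true` deserves a short comment such as `# beta resources required for: <resource list>`.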
@@ -11,47 +11,35 @@ https://opensource.org/licenses/MIT. # Custom User Settings # -# OpenStack Availability Zone +# STACKIT Availability Zone variable "zone" { type = string description = "" default = "eu01-m" } -# OpenStack VM Flavor +# STACKIT VM Flavor variable "flavor" { type = string description = "" default = "c1.2" } -# Local VPC Subnet to create OpenStack Network +# Local VPC Subnet to create Network variable "LOCAL_SUBNET" { type = string description = "" default = "10.0.0.0/24" } -############################################ - -# -# System Settings (do not edit) -# - -# OpenStack UAT Username -variable "USERNAME" { +# STACKIT ProjectID +variable "STACKIT_PROJECT_ID" { type = string description = "" } -# OpenStack Project ID -variable "TENANTID" { +# STACKIT Service Account Token +variable "STACKIT_SERVICE_ACCOUNT_TOKEN" { type = string description = "" -} - -# OpenStack UAT Password -variable "PASSWORD" { - type = string - description = "" -} +} \ No newline at end of file diff --git a/02-pfsense-image.tf b/02-pfsense-image.tf index 5374ad9..6f275bf 100644 --- a/02-pfsense-image.tf +++ b/02-pfsense-image.tf 
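Review bot: `variable "STACKIT_SERVICE_ACCOUNT_TOKEN"` is declared as a plain string, so Terraform will not redact it where the value surfaces in plan or apply output; add `sensitive = true` to the block, which the `>= 0.14.0` baseline in 00-provider.tf already supports. Both new variables also keep `description = ""`. Something like `description = "STACKIT service account token; supply via TF_VAR_STACKIT_SERVICE_ACCOUNT_TOKEN, never in a committed tfvars file"` would tell users how the secret is meant to be provided. The hunk also leaves the file without a trailing newline.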
@@ -7,12 +7,30 @@ license that can be found in the LICENSE file or at https://opensource.org/licenses/MIT. */ -# Upload VPN Appliance Image to OpenStack -resource "openstack_images_image_v2" "pfsense_image" { - name = "pfsense-2.7.2-amd64-image" - image_source_url = "https://pfsense.object.storage.eu01.onstackit.cloud/pfsense-ce-2.7.2-amd64-10-12-2024.qcow2" - web_download = true - container_format = "bare" - disk_format = "qcow2" - visibility = "shared" +# Local copy of the Image +resource "null_resource" "pfsense_image_file" { + triggers = { + always_run = timestamp() + } + + provisioner "local-exec" { + command = "curl -o pfsense.qcow2 https://pfsense.object.storage.eu01.onstackit.cloud/pfsense-ce-2.7.2-amd64-10-12-2024.qcow2" + } +} + +# Upload VPN Appliance Image to STACKIT +resource "stackit_image" "pfsense_image" { + project_id = var.STACKIT_PROJECT_ID + name = "pfsense-2.7.2-amd64-image" + local_file_path = "./pfsense.qcow2" + disk_format = "qcow2" + depends_on = [null_resource.pfsense_image_file] + min_disk_size = 10 + min_ram = 2 + config = { + uefi = false + cdrom_bus = "scsi" + disk_bus = "scsi" + secure_boot = false + } } diff --git a/03-pfsense-network.tf b/03-pfsense-network.tf index ee5f1f8..17857d6 100644 --- a/03-pfsense-network.tf +++ b/03-pfsense-network.tf 
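Review bot: The `local-exec` command in `null_resource.pfsense_image_file` downloads the firewall image with `curl -o` and hands it to `stackit_image.pfsense_image` with no integrity check. Without `--fail`, an HTTP error body would also be written to `pfsense.qcow2` and uploaded as the appliance image. Pin the expected digest and make the step fail closed, for example `command = "curl -fsSL -o pfsense.qcow2 <IMAGE_URL> && echo '<EXPECTED_SHA256>  pfsense.qcow2' | sha256sum -c -"`, with the digest taken from a trusted source rather than from the same bucket. The `always_run = timestamp()` trigger re-downloads the file on every apply, so each run re-trusts whatever the bucket serves at that moment; keying the trigger on the URL or digest would avoid that.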
@@ -7,72 +7,42 @@ license that can be found in the LICENSE file or at https://opensource.org/licenses/MIT. */ -# Create vNET Networks -resource "openstack_networking_network_v2" "vpc_network" { - name = "VPC Network" - description = "Local Peering VPC Network" - admin_state_up = "true" +# Get vNET Networks +resource "stackit_network" "lan_network" { + project_id = var.STACKIT_PROJECT_ID + name = "lan_network" + ipv4_nameservers = ["208.67.222.222", "9.9.9.9"] + ipv4_prefix_length = 24 } -resource "openstack_networking_network_v2" "wan_network" { - name = "WAN Network" - description = "Transfer Net for binding FloatingIPs" - admin_state_up = "true" +resource "stackit_network" "wan_network" { + project_id = var.STACKIT_PROJECT_ID + name = "wan_network" + ipv4_nameservers = ["208.67.222.222", "9.9.9.9"] + ipv4_prefix_length = 28 } -# Create Subnets -resource "openstack_networking_subnet_v2" "vpc_subnet_1" { - name = "vpc_subnet" - description = "Local VPC Network" - network_id = openstack_networking_network_v2.vpc_network.id - cidr = var.LOCAL_SUBNET - ip_version = 4 - dns_nameservers = [ - "208.67.222.222", - "9.9.9.9", - ] +resource "stackit_network_interface" "nic_lan" { + project_id = var.STACKIT_PROJECT_ID + network_id = stackit_network.lan_network.network_id } -resource "openstack_networking_subnet_v2" "wan_subnet_1" { - name = "wan_subnet" - description = "WAN Network" - network_id = openstack_networking_network_v2.wan_network.id - cidr = "100.96.96.0/25" - ip_version = 4 - dns_nameservers = [ - "208.67.222.222", - "9.9.9.9", - ] +resource "stackit_network_interface" "nic_wan" { + project_id = var.STACKIT_PROJECT_ID + network_id = stackit_network.wan_network.network_id } -# Create OpenStack Router - -resource "openstack_networking_router_v2" "vpc_router" { - name = "vpc_router" - description = "VPC Router" +resource "stackit_public_ip" "example" { + project_id = var.STACKIT_PROJECT_ID + network_interface_id = 
stackit_network_interface.nic_wan.network_interface_id } -resource "openstack_networking_router_interface_v2" "vpc_router_interface_1" { - router_id = openstack_networking_router_v2.vpc_router.id - subnet_id = openstack_networking_subnet_v2.vpc_subnet_1.id -} -resource "openstack_networking_router_v2" "wan_router" { - name = "wan_router" - description = "WAN Router" - external_network_id = "970ace5c-458f-484a-a660-0903bcfd91ad" -} +# Get Subents +#data "openstack_networking_subnet_v2" "vpc_subnet_1" { +# network_id = stackit_network.lan_network.network_id +#} -# Create Router interfaces -resource "openstack_networking_router_interface_v2" "wan_router_interface_1" { - router_id = openstack_networking_router_v2.wan_router.id - subnet_id = openstack_networking_subnet_v2.wan_subnet_1.id -} - -# Create static routing entry for VPC Traffic to hit the pfSense instead of the default gateway -resource "openstack_networking_router_route_v2" "vpc_router_route_1" { - depends_on = [openstack_networking_router_interface_v2.vpc_router_interface_1] - router_id = openstack_networking_router_v2.vpc_router.id - destination_cidr = "0.0.0.0/0" - next_hop = openstack_compute_instance_v2.instance_fw.network.1.fixed_ip_v4 -} +#data "openstack_networking_subnet_v2" "wan_subnet_1" { +# network_id = stackit_network.wan_network.network_id +#} \ No newline at end of file diff --git a/04-pfsense-appliance.tf b/04-pfsense-appliance.tf index 2b296cc..1905ba0 100644 --- a/04-pfsense-appliance.tf +++ b/04-pfsense-appliance.tf 
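Review bot: `stackit_network_interface.nic_wan` is bound to a public IP, yet neither it nor `nic_lan` states its port-security or security-group posture, whereas the removed OpenStack ports (in the 04-pfsense-appliance.tf hunk) set `port_security_enabled = "false"` explicitly. The provider default now decides what reaches the pfSense WAN side and whether forwarded traffic with foreign source addresses is allowed. I would set it explicitly, or at least add a comment such as `# WAN NIC: filtering is done by pfSense; provider-level port security is <on|off> because <reason>`. The static route that sent VPC traffic through pfSense is also removed with no replacement visible in this diff, so LAN hosts may bypass the firewall unless something else provides that path. Smaller points: `stackit_public_ip.example` looks like a leftover sample name, and the commented-out `openstack_networking_subnet_v2` data blocks under `# Get Subents` could be deleted.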
@@ -7,68 +7,36 @@ license that can be found in the LICENSE file or at https://opensource.org/licenses/MIT. */ -# Create root Volume -resource "openstack_blockstorage_volume_v3" "fw_root_volume" { +resource "stackit_volume" "pfsense_vol" { + project_id = var.STACKIT_PROJECT_ID name = "pfsense-2.7.2-root" - description = "Root Volume" + availability_zone = var.zone size = 16 - image_id = openstack_images_image_v2.pfsense_image.id + performance_class = "storage_premium_perf4" + source = { + id = stackit_image.pfsense_image.image_id + type = "image" + } +} + +resource "stackit_server" "pfsense_Server" { + project_id = var.STACKIT_PROJECT_ID + name = "pfSense" + boot_volume = { + source_type = "volume" + source_id = stackit_volume.pfsense_vol.volume_id + } availability_zone = var.zone - volume_type = "storage_premium_perf4" + machine_type = var.flavor } -# Create virtual Server -resource "openstack_compute_instance_v2" "instance_fw" { - name = "pfSense" # Server name - flavor_name = var.flavor - availability_zone = var.zone - - block_device { - uuid = openstack_blockstorage_volume_v3.fw_root_volume.id - source_type = "volume" - destination_type = "volume" - boot_index = 0 - delete_on_termination = true - } - - network { - port = openstack_networking_port_v2.wan_port_1.id - } - - network { - port = openstack_networking_port_v2.vpc_port_1.id - } - +resource "stackit_server_network_interface_attach" "nic-attachment-lan" { + project_id = var.STACKIT_PROJECT_ID + server_id = stackit_server.pfsense_Server.server_id + network_interface_id = stackit_network_interface.nic_lan.network_interface_id } - -# Network Ports -resource "openstack_networking_port_v2" "wan_port_1" { - name = "FW WAN Port" - network_id = openstack_networking_network_v2.wan_network.id - admin_state_up = "true" - port_security_enabled = "false" - fixed_ip { - subnet_id = openstack_networking_subnet_v2.wan_subnet_1.id - } -} - -resource "openstack_networking_port_v2" "vpc_port_1" { - name = "FW VPC Port" - 
network_id = openstack_networking_network_v2.vpc_network.id - admin_state_up = "true" - port_security_enabled = "false" - fixed_ip { - subnet_id = openstack_networking_subnet_v2.vpc_subnet_1.id - } -} - - -# Add FloatingIP -resource "openstack_networking_floatingip_v2" "fip" { - pool = "floating-net" -} - -resource "openstack_networking_floatingip_associate_v2" "fip" { - floating_ip = openstack_networking_floatingip_v2.fip.address - port_id = openstack_networking_port_v2.wan_port_1.id +resource "stackit_server_network_interface_attach" "nic-attachment-wan" { + project_id = var.STACKIT_PROJECT_ID + server_id = stackit_server.pfsense_Server.server_id + network_interface_id = stackit_network_interface.nic_wan.network_interface_id } \ No newline at end of file
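Review bot: The two `stackit_server_network_interface_attach` resources have no ordering between them, so Terraform may attach `nic_lan` and `nic_wan` in either order, while the removed `openstack_compute_instance_v2` listed the WAN port before the VPC port. If the pfSense image assigns WAN and LAN by interface order (likely, but not visible here), a swapped attachment would put the LAN role on the interface that carries the public IP. Adding `depends_on = [stackit_server_network_interface_attach.nic-attachment-wan]` to `nic-attachment-lan` restores the old WAN-first order. The hunk also drops `delete_on_termination = true`, so a comment on whether `stackit_volume.pfsense_vol` is meant to outlive the server would help.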